Conference item
Themis: a secure decentralized framework for microservice interaction in serverless computing
- Abstract:
- In serverless computing, applications are composed of stand-alone microservices that are invoked and scale up independently. Peer-to-peer protocols can be used to enable decentralized communication among the services that compose each application. This paper presents Themis, a framework for secure service-to-service interaction targeting these environments and the underlying service mesh architectures. Themis builds on a notion of decentralized identity management to allow confidential and authenticated service-to-service interaction without the need for a centralized certificate authority. Themis adopts a layered architecture. Its lower layer forms a core communication protocol pair that offers strong security guarantees without depending on a centralized point of authority. Building on this pair, an upper layer provides a series of actions related to communication and identifier management—e.g., store, find, and join. This paper analyzes the security properties of Themis’s protocol suite and shows how it provides a decentralized and flexible communication platform. The evaluation of our Themis prototype targeting serverless applications written in JavaScript shows that these security benefits come with small runtime latency and throughput overheads, and modest startup overheads.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
- Files:
- Accepted manuscript, pdf, 6.3MB
- Publisher copy:
- 10.1145/3538969.3538983
Authors
- Publisher:
- Association for Computing Machinery
- Host title:
- ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security
- Journal:
- Proceedings of the 17th International Conference on Availability, Reliability and Security
- Article number:
- 10
- Publication date:
- 2022-08-23
- Acceptance date:
- 2022-05-16
- Event title:
- 17th International Conference on Availability, Reliability and Security (ARES 2022)
- Event location:
- Vienna, Austria
- Event website:
- https://www.ares-conference.eu/
- Event start date:
- 2022-08-23
- Event end date:
- 2022-08-26
- DOI:
- ISBN:
- 9781450396707
- Language:
- English
- Keywords:
- Pubs id:
- 1262655
- Local pid:
- pubs:1262655
- Deposit date:
- 2022-06-09
- ARK identifier:
Terms of use
- Copyright holder:
- Association for Computing Machinery
- Copyright date:
- 2022
- Rights statement:
- © 2022 ACM
- Notes:
- This is the accepted manuscript version of the paper. The final version is available online from the Association for Computing Machinery at: https://doi.org/10.1145/3538969.3538983
This work is related to the thesis Adding security and privacy guarantees in structured peer-to-peer networks.